Phishing is an attack method used by hackers and criminals to get unwitting people to enter sensitive information and login details into a fraudulent website. Attackers typically use electronic communications like emails to influence people to enter details into their fraudulent websites.

Terms related to Phishing: Spear Phishing, Whaling, Social Engineering, Attack Vector, Login.

Phishing is a type of social engineering that dupes unsuspecting people (for example, employees and executives) to enter their sensitive information, like logins and password details, into a website that duplicates the look of an official website.

Once those details have been entered, criminals collect the data and then use those logins, passwords, and other information to illegally access systems and data. Depending on the seniority of the login they steal, this can expose large parts of a business’s apps, processes, and data to a hacker. They can use this access to steal data and cause further harm.

There are several types of targeted phishing.

Bulk Phishing
This is the most basic type of phishing and involves sending very similar emails to large numbers of people, in the hope of fooling a small percentage.

Spear Phishing
This type of phishing attack targets specific individuals, using personal information to make phishing attacks more convincing and likely to succeed.

Similar to spear phishing, whaling targets senior managers and executives at companies, who will have more senior levels of access.

IT professionals can protect against phishing by using two-factor or multi-factor authentication that requires a second or third type of identification besides a login or password (like a security token or biometrics). Because a hacker won’t be able to provide this other type of authentication, they will not be able to access the system, even with a login and password.

Phishing Resources from Crossmatch